However, to your second point, cars are smart now and there’s no going back. So cars do need software updates to close attack vectors.
He’s not saying that cars shouldn’t be updated… But that OTA updates are a problem. They’re saying that it should be a drive to the dealership to do an update. I would go a step further and make it possible to have it opt-in for car manufacturer to send out cd/usbs to update firmware.
Offline updates are generally fine and not super susceptible to general hacking. OTA on the other hand… that’s a massive risk for a reward of… slightly faster fix times?
If it’s a safety system, it might be “have the car taken to the dealership on a flatbed truck”. Also, some people don’t live near a dealership.
Like it or not, all modern cars are connected - for the maps if nothing else - and if a car is capable of an OTA update, I say do it. I don’t see how a dealership adds anything other than cost which will always discourage updates from being made at all.
And I actually think physical updates are easier - connect a laptop to the ECU, and you’re done. It’s generally only OTA updates that use code signing/etc.
He’s not saying that cars shouldn’t be updated… But that OTA updates are a problem. They’re saying that it should be a drive to the dealership to do an update. I would go a step further and make it possible to have it opt-in for car manufacturer to send out cd/usbs to update firmware.
Offline updates are generally fine and not super susceptible to general hacking. OTA on the other hand… that’s a massive risk for a reward of… slightly faster fix times?
If it’s a safety system, it might be “have the car taken to the dealership on a flatbed truck”. Also, some people don’t live near a dealership.
Like it or not, all modern cars are connected - for the maps if nothing else - and if a car is capable of an OTA update, I say do it. I don’t see how a dealership adds anything other than cost which will always discourage updates from being made at all.
And I actually think physical updates are easier - connect a laptop to the ECU, and you’re done. It’s generally only OTA updates that use code signing/etc.